2.3 Flashcards
Summarize secure application development, deployment, and automation concepts.
Most organizations have multiple, separate __________ designed to provide isolation between the functions of development, test, staging, and production.
Environment
Is a type of environment that is sized, configured, and set up for developing applications and systems.
Development environment
Is a type of environment that is used to test a system fully prior to deploying it into production to ensure that it is bug-free and will not disrupt the production environment.
Test environment
Is an optional environment, but it is commonly used when an organization has multiple production environments. Its primary purpose is to serve as a sandbox after testing, so the test system can test the next set while the current set is deployed across the enterprise.
Staging environment
Is a type of environment where the systems work with real data, doing the business that the system is intended to perform.
Production environment
Is a common step in any manufacturing process that ensures the delivery of high-quality software or IT systems. The primary goal of this step is to verify and validate that a product or system meets specified requirements and adheres to established standards.
Quality assurance (QA)
Is the process of assigning permissions or authorities to objects. Users can be provisioned into groups, and computer processes or threads can be provisioned to higher levels of authority when executing.
Provisioning
Is the removal of permissions or authorities.
Deprovisioning
Refers to the process of verifying and ensuring the integrity of software, systems, or data.
Integrity measurement
Refers to organizing data to minimize redundancy and dependency. It helps in preventing anomalies and inconsistencies in data, which can be exploited by attackers.
Normalization
These are precompiled SQL queries stored on the database server. They enhance security by allowing the database to execute specific tasks without exposing the underlying code to potential attackers.
Stored procedures
This involves intentionally making code or data unclear. It’s used to deter and thwart attackers attempting to analyze or exploit the system.
Obfuscation/camouflage
Involves leveraging existing code for new purposes, which can introduce security risks if the reused code contains vulnerabilities.
Code reuse
Refers to code that is no longer used but still present in the system, which can create security holes if not properly managed.
Dead code
Critical value checks or security checks should be performed on the ___________-side.
Server-side